Docker Engine

General

Docker engine is a command line which interacts with docker daemon to perform RESTful web requests like pulling images, spawn containers etc.

Once docker being installed successfully, it is able to use docker in command line to run docker engine.

Cannot connect to the Docker daemon. Is the docker daemon running on this host?

This error is given if docker cannot connect to $DOCKER_HOST.

There are 3 env vars needed to run docker command correctly:

DOCKER_HOST: The docker daemon host. It could be something like “tcp://xxx.xxx.xxx.xxx:2376” depends on daemon configuration.

DOCKER_TLS_VERIFY: Whether to verify the connection is TLS or not. It could be “1” – TLS only or “0” – TLS disabled. For production “1” is a must be.

DOCKER_CERT_PATH: If TLS is enabled, where to find related certs. It points to a folder containing current client private key, certificate and a trusted CA certificate. (ca / cert / key).pem. For more information about TLS, please see here.

To switch between Docker daemon instances, change the 3 env vars above to correct ones. With help of Docker Machine, we do not need to do this manually.

Tips

Run a docker image

12

docker run -itd <image name>#e.g. docker run -itd nginx

This command will pull the image from docker hub if image not existed and then run the default command of the image.

-i: Keep STDIN open

-t: Allocate a pseudo-TTY. This is essential for logs which directly write to stdout/stderr

Network && Links

Docker compose will automatically create a overlay network which has all services registered under same network. That means all service can access each other through its name. In the example, it is able to ping blog from nginx container.

Docker Machine

Docker machine is a VM level tool. It helps provision a bare VM (or non-bare VM) to be docker ready.

It is highly recommended to provision Docker daemon using this way on your own VM.

It has a bunch of built-in drivers like digital ocean, aws etc. However, as long as you got SSH access and root account, it should not be a big problem.

Point to a machine

Backup your machines !!!

The docker-machine will use /.docker/machine to store all your certs / configurations.Backup it and protect it.

Docker Swarm

Docker swarm is an awesome concept that treats multiple docker daemons as one. This means you can horizontally scale your cluster without worrying about many changes in your DevOps progress.

Docker swarm is another RESTful service layer which has exact same endpoints as Docker Daemon does. It has builtin strategies (like spread) to pick the actual node (server) to use.

Docker engine 100% works with docker swarm service. Docker swarm is transparent to any docker engine.

Is it completely transparent?

No. There are still some configuration needed to make things work like network, volume mapping etc. With help of Docker compose, the swarm can be configured easily. See here for limitations with Docker Swarm.

Discovery

Docker swarm depends on a discovery service which itself could be a docker service.The swarm network and discovery service is de-centralised and clustered which means better availability.Using swarm join will regiser itself to discovery service and swarm manager can then collect information from the discovery service.It is able to use:

token proto: for non production

etcd

consuland some other key-value stores.

Token

token is hosted on docker.com. Typeically not used for prod.

Generate a token:

1

docker run--rm swarm create

Then it is able to use token://<tokenID> as discovery service

Swarm Manager TLS

As docker swarm manager needs to actively manage swarm agents, it needs have its own TLS certificates signed by same CA. Otherwise, swarm manager will not be able to talk to swarm agents.For example: